summaryrefslogtreecommitdiffstats
path: root/kubernetes/vvp/charts/vvp-ext-haproxy
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/vvp/charts/vvp-ext-haproxy')
-rw-r--r--kubernetes/vvp/charts/vvp-ext-haproxy/Chart.yaml18
-rw-r--r--kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file79
-rw-r--r--kubernetes/vvp/charts/vvp-ext-haproxy/templates/configmap.yaml21
-rw-r--r--kubernetes/vvp/charts/vvp-ext-haproxy/templates/deployment.yaml66
-rw-r--r--kubernetes/vvp/charts/vvp-ext-haproxy/templates/service.yaml34
-rw-r--r--kubernetes/vvp/charts/vvp-ext-haproxy/values.yaml63
6 files changed, 281 insertions, 0 deletions
diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/Chart.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/Chart.yaml
new file mode 100644
index 0000000000..721912d3c9
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ext-haproxy/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: load balancer for external transport
+name: vvp-ext-haproxy
+version: 3.0.0
diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file b/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file
new file mode 100644
index 0000000000..ca7b40a7bc
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file
@@ -0,0 +1,79 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+backend gitlab_ssh
+ mode tcp
+ option tcplog
+ timeout server 2h
+ server gitlabssh vvp-gitlab:22 resolvers dns
+
+frontend gitlab_ssh_frontend
+ mode tcp
+ option tcplog
+ timeout client 2h
+ bind 0.0.0.0:22
+ acl is_ssh dst_port 22
+ use_backend gitlab_ssh if is_ssh
+
+backend portal_backend
+ mode http
+ server ice_portal vvp:8181 resolvers dns
+
+backend api
+ mode http
+ server engagement_manager vvp-em-uwsgi:80 resolvers dns
+
+backend s3
+ mode http
+ balance roundrobin
+ option httpchk HEAD /
+ server ceph-01 10.252.0.21:8080 check inter 10000ms
+
+frontend portal
+ mode http
+ acl is_api_call path_beg -i /vvp
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+ use_backend api if is_api_call
+ use_backend s3 if is_s3
+ bind 0.0.0.0:80
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
+ default_backend portal_backend
+
+listen stats
+ bind 0.0.0.0:9001
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ http-request deny if !network_allowed
diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/templates/configmap.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/configmap.yaml
new file mode 100644
index 0000000000..0bb0e264cb
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/configmap.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-cfg
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/ext-haproxy-cfg/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/templates/deployment.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/deployment.yaml
new file mode 100644
index 0000000000..afe8c75425
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/deployment.yaml
@@ -0,0 +1,66 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ - containerPort: 443
+ - containerPort: 9001
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: ext-haproxy-cfg
+ - mountPath: /etc/haproxy/
+ name: site-pem
+ volumes:
+ - name: ext-haproxy-cfg
+ configMap:
+ name: {{ include "common.fullname" . }}-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
+ - name: site-pem
+ secret:
+ secretName: site-pem
diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/templates/service.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/service.yaml
new file mode 100644
index 0000000000..bcc41c1671
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ext-haproxy/templates/service.yaml
@@ -0,0 +1,34 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort1 }}
+ name: {{ .Values.service.portName1 }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
+ - port: {{ .Values.service.internalPort4 }}
+ name: {{ .Values.service.portName4 }}
+ selector:
+ app: {{ include "common.name" . }}
diff --git a/kubernetes/vvp/charts/vvp-ext-haproxy/values.yaml b/kubernetes/vvp/charts/vvp-ext-haproxy/values.yaml
new file mode 100644
index 0000000000..88b32d7d77
--- /dev/null
+++ b/kubernetes/vvp/charts/vvp-ext-haproxy/values.yaml
@@ -0,0 +1,63 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: docker.io
+image: haproxy:1.7.2-alpine
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName1: web
+ internalPort1: 80
+ portName2: ssl
+ internalPort2: 443
+ portName3: ssh
+ internalPort3: 22
+ portName4: stats
+ internalPort4: 9000
+
+ingress:
+ enabled: false